With the growing use of the Internet and secure web sites that require user login/password to be able to access sensitive data such as bank accounts, confidential email, credit card information, merchant accounts etc., users are required to remember a lot of sensitive data, such as the user account name and password for these sites. Given the myriad of rules that apply to login and password fields at sites, it is almost impossible for a user to remember all the details. By way of example, user login can be a social security number at some sites, an email address at others, and an oblique character string (e.g., “baskd2485”) at yet other sites. Similarly, passwords follow different rules with respect to mix of letter case, symbols and numbers and length. To deal with this quagmire, many users just store this type of information in a normal document such as a text file or a word processing document. However, this is especially insecure as the data is stored in plain text and is available to anyone with access to the files to see in plain sight.
Form-fill applications such as those offered in browser toolbars have been created in recent years to fill this gap. They offer some level of security in that the data is encrypted with a master password and the user needs to remember just the master password. While this is better than plain files, all known current form-fill applications are inadequate for several reasons. First, the data could be lost if there is a hard-disk corruption/computer failure. Second, the data is not available for access on any computer other than the one where it is stored. Finally, keeping the data synchronized across multiple computers is cumbersome, because it can be done only manually.
One solution to portability and synchronization issues is to allow the storage of the data on portable storage devices such as USB key chain storage devices. While this helps in some ways, there is still the risk of the storage device being lost or damaged, resulting in total loss of data. It also means that the device has to be carried around and there is no access unless you have the device at hand.
Many of these problems would disappear if the data could be stored on the server side. Indeed, many systems store data including credit-card numbers on such sites. However, this is not without its demerits either, including but not limited to lack of privacy, at least because the server stores such information in plain text or the key used in encryption is co-located in a data-center. Such storage techniques may allow any hacker who gains sufficient privileges to the computers at the data-center, including any malicious employees of the company running the center, to retrieve sensitive data, often with relative ease. Moreover, companies running these data-centers run serious risks with respect to liability and goodwill from any accidental exposure, of which there have been numerous instances in the past.